Experts: CMMC principles buy down supply-chain risk, but no guarantee against sophisticated SolarWinds-like attacks

Meeting the standards laid out in the Pentagon’s cyber certification program is a necessary start to buying down supply chain risk through establishing good cyber hygiene, but cyber experts say CMMC would not necessarily have helped contractors detect or prevent exposure to the SolarWinds attack.

The Cybersecurity Maturity Model Certification program’s current focus is on level three, which establishes a cyber regime around controlled unclassified information. Inside Cybersecurity spoke with attorneys about the benefits of CMMC for the defense industrial...